I no longer maintain this repository as I have not worked professionally with SharePoint since 2015.
PowerShell scripts to automatically apply the SharePoint 2013, IIS 7 Server, IIS 7 Site, and SQL 2012 Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) to SharePoint 2013 farms.
- Download or clone this repository:
git clone https://github.com/alulsh/SharePoint-2013-STIGs.git - Update the
$downloadFoldervariable inSharePoint2013\InstallModule.ps1with the path to theSharePoint2013directory in the cloned repository. - Run
SharePoint2013\InstallModule.ps1. - The module files will be copied to the modules folder for your user account. This is typically
C:\Users\username\Documents\WindowsPowerShell\Modules\. If the folder does not exist already it will be created as part of the installation script.
Open up the PowerShell console or ISE and run Install-Module SharePoint2013STIGs. The module should load with no errors and its functions should be available for use.
Run SharePoint2013\ApplySharePointSTIGs.ps1 to apply all of the SharePoint STIG configuration PowerShell functions from the module. The variables in this script can be modified as necessary to suit the configuration of your farm.
- Download or clone this repository:
git clone https://github.com/alulsh/SharePoint-2013-STIGs.git - Update the
$downloadFoldervariable inIIS7\InstallModule.ps1with the path to theIIS7directory in the cloned repository. - Run
IIS7\InstallModule.ps1. - The module files will be copied to the modules folder for your user account. This is typically
C:\Users\username\Documents\WindowsPowerShell\Modules\. If the folder does not exist already it will be created as part of the installation script.
Open up the PowerShell console or ISE and run Install-Module IIS7STIGs. The module should load with no errors and its functions should be available for use.
Run IIS7\ApplyIIS7STIGs.ps1 to apply all of the STIG configuration scripts with the provided IIS Handler Mapping blacklist and request filtering allowed file extensions CSVs. This script can be modified as necessary to remove STIG configurations or to use your own CSV files.
- Download or clone this repository:
git clone https://github.com/alulsh/SharePoint-2013-STIGs.git - Update the
$downloadFoldervariable inPermissionsFunctions\InstallModule.ps1with the path to thePermissionsFunctionsdirectory in the cloned repository. - Run
PermissionsFunctions\InstallModule.ps1. - The module files will be copied to the modules folder for your user account. This is typically
C:\Users\username\Documents\WindowsPowerShell\Modules\. If the folder does not exist already it will be created as part of the installation script.
- Update the
$downloadFoldervariable inSQL2012\InstallModule.ps1with the path to theSQL2012directory in the cloned repository. - Run
SQL2012\InstallModule.ps1. - The module files will be copied to the modules folder for your user account. This is typically
C:\Users\username\Documents\WindowsPowerShell\Modules\. If the folder does not exist already it will be created as part of the installation script.
Open up the PowerShell console or ISE and run Install-Module PermissionsFunctions and Install-Module SQL2012STIGs. The modules should load with no errors and their functions should be available for use.
Run SQL2012\ApplySQLSTIGs.ps1 to apply all of the STIG configuration scripts for SQL 2012. This script can be modified as necessary to change or remove specific STIG configurations.
All scripts and supporting files are offered "as is" with no warranty. While I have tested these scripts in my environment, you should always vet and verify these scripts in a test environment before deploying them to production servers.
It is highly recommended to take snapshots before applying these STIGs in a virtualized environment. All web, application, and database servers in the entire SharePoint farm MUST be powered off while taking these snapshots in order to ensure a successful restore.
These scripts are available under the GPLv3 license.